1 Non-preemptive Semantics for Data-race-free Programs
Siyang Xiao (USTC), Hanru Jiang (USTC), Hongjin Liang (NJU), Xinyu Feng (NJU)
ICTAC 2018, Stellenbosch, South Africa, Oct 19

2 Concurrent Program
[Diagram: Thread 1, Thread 2, Thread 3, Shared States]
Parallel threads. Shared states. Interleaving semantics (called preemptive semantics in this talk).

3 Concurrent Program
Simple example: 6 possible execution sequences, 1 possible result (x, r1: 42; y, r2: 24).
No shared variable. No need to consider all interleavings.

4 Concurrent Program
z = 0
Thread 1: x := 42; r1 := x; <z := x; r1 := z+1>; x := x+r1;
Thread 2: y := 24; r2 := y; <y := z; z := z+1>; y := y+r2;
70 possible execution sequences, 2 possible results (final value of y is 24 or 66).

5 Concurrent Program
Thread 1: x := 42; r1 := x; <z := x; r1 := z+1>; x := x+r1;
Thread 2: y := 24; r2 := y; <y := z; z := z+1>; y := y+r2;
Properly synchronized: accesses to shared variables are inside critical regions.

6 Data Race Free
All accesses to shared variables are inside critical regions. The program has no data race.
z = 0
Thread 1: x := 42; r1 := x; <z := x; r1 := z+1>; x := x+r1;
Thread 2: y := 24; r2 := y; <y := z; z := z+1>; y := y+r2;

7 Folklore Data-race-free (DRF) programs only need to consider interleaving at synchronization points

8 Intuition
Code inside critical sections cannot be interrupted by other threads.
z = 0
Thread 1: x := 42; r1 := x; <z := x; r1 := z+1>; x := x+r1;
Thread 2: y := 24; r2 := y; <y := z; z := z+1>; y := y+r2;

9 Intuition
Code outside critical sections has no influence on other threads.
z = 0
Thread 1: x := 42; r1 := x; <z := x; r1 := z+1>; x := x+r1;
Thread 2: y := 24; r2 := y; <y := z; z := z+1>; y := y+r2;

10 Intuition
Only the boundaries of critical regions matter: they update the shared variables, and interleaving there allows other threads to access shared resources.
z = 0
Thread 1: x := 42; r1 := x; <z := x; r1 := z+1>; x := x+r1;
Thread 2: y := 24; r2 := y; <y := z; z := z+1>; y := y+r2;

11 Folklore
Data-race-free (DRF) programs only need to consider interleaving at synchronization points.
Code inside critical sections cannot be interrupted by other threads.
Code outside critical sections has no influence on other threads.
Only the boundaries of critical sections matter.

12 Non-Preemptive Semantics
Only allow interleaving at certain points. Example: beginning & end of critical regions.
z = 0
Thread 1: x := 42; r1 := x; <z := x; r1 := z+1>; x := x+r1;
Thread 2: y := 24; r2 := y; <y := z; z := z+1>; y := y+r2;

13 Non-Preemptive Execution
[Execution diagram]
Steps: r1:=x; y:=24; r2:=y; <z:=x; r1:=z+1>; <y:=z; z:=z+1>; x:=x+r1; y:=y+r2;
States shown in the diagram:
x:42 y:24 z:0 r1:42 r2:24
x:42 y:24 z:42 r1:43 r2:24
x:42 y:0 z:1 r1:42 r2:24
x:42 y:0 z:0 r1:42 r2:0
x:42 y:24 z:1 r1:42 r2:24
x:85 y:24 z:42 r1:43 r2:24
x:0 y:0 z:0 r1:0 r2:0

14 Non-Preemptive Execution
[Execution diagram]
Steps: r1:=x; y:=24; r2:=y; <z:=x; r1:=z+1>; <y:=z; z:=z+1>; x:=x+r1; y:=y+r2;
States shown in the diagram:
x:42 y:0 z:42 r1:43 r2:0
x:42 y:66 z:42 r1:43 r2:24
x:42 y:24 z:42 r1:43 r2:24
x:42 y:0 z:0 r1:42 r2:0
x:42 y:42 z:43 r1:43 r2:24
x:85 y:66 z:42 r1:43 r2:24
x:0 y:0 z:0 r1:0 r2:0

15 Questions
Can we further reduce the number of interleaving points? Is it necessary to consider interleaving at both boundaries of critical sections?
I/O commands introduce observable effects. Will they affect the choice of interleaving points?
How will non-termination, as a special effect, affect the choice of interleaving points?

16 Contributions
Answer these questions and present our non-preemptive semantics.
Reduce the number of interleaving points as far as possible.
Prove it’s equivalent to preemptive semantics for DRF programs.
Propose a new notion of DRF (called NPDRF) based on non-preemptive semantics.
Prove it’s equal to DRF in preemptive semantics.
We can reason about the behavior of data-race-free programs solely under our non-preemptive semantics.

17 Question Can we further reduce the number of interleaving points?
We may only consider interleaving at the end of critical regions.

18 Question Can we further reduce the number of interleaving points?
We may only consider interleaving at the end of critical regions. But we cannot only consider interleaving at the beginning of critical sections.

19 Counterexample
x = 0
Thread 1: <x:=1>; while(true) skip;
Thread 2: <r:=x>; print(r);
If we only allow interleaving at the beginning of critical sections, this program can only print 0. But in preemptive semantics, it can print 1.

20 Non-preemptive Execution
[Execution diagram: <r:=x>, infinite loop, print(r). Outcomes: "Output: 0" and "No output".]

21 Preemptive Execution
[Execution diagram: <x:=1>, <r:=x>, infinite loop, print(r). Outcome: "Output 1".]

22 Question Can we further reduce the number of interleaving points?
In our paper, we prove it is correct to only consider the end of critical regions as interleaving points.

23 Question I/O commands introduce new observable effects. Will they affect the choice of interleaving points? Yes. We need to take print command as a point for interleaving.

24 Example
Thread 1: print(1); print(2);
Thread 2: print(0);
Possible results in preemptive execution: 1-2-0, 1-0-2, 0-1-2.
If interleaving is not allowed at the print command, possible result:

25 Further discussion
What if we observe the output of each thread instead of the whole sequence?
Thread 1: print(1); print(2);
Thread 2: print(0);
Output shown: 1-2

26 Further discussion
What if we observe the output of each thread instead of the whole sequence? We still need to allow interleaving at the print command.
Thread 1: print(1); while(true) skip;
Thread 2: print(0); while(true) skip;
Output shown: 1

27 Principle
There must be at least one interleaving point between any two consecutive externally observable effects generated at runtime in the same thread.
Externally observable effects include:
Output
Access to shared variables (inside critical regions)
Non-termination

28 Non-termination
Non-termination plays an important role when choosing interleaving points.
print(1); while(true) skip; print(0); while(true) skip;
x = 0 <x:=1>; while(true) skip; <r:=x>; print(r);

29 Non-termination
Example: a print command after non-termination can never be executed, thus it cannot generate observable behavior. No need for interleaving points.
print(1); while(true) skip; print(2); print(0); while(true) skip;

30 Our Non-preemptive Semantics
Limits interleaving to these points:
End of critical regions
End of print step
End of current thread
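
Added example (not from the talk or the paper): a small Python explorer that enumerates every schedule of the slide 4 program and the slide 19 counterexample under three interleaving policies. Assumptions: each <...> region is one atomic step, `while(true) skip` ends a run as silent divergence, no scheduler fairness is assumed, the thread split of the flattened slide text is inferred, and all function names are illustrative.

```python
def explore(threads, init, can_switch):
    """Added illustration: (output, final_state) of every schedule the policy permits."""
    runs = []
    def go(pcs, state, out, cur):
        live = [t for t in range(len(threads)) if pcs[t] < len(threads[t])]
        if not live:
            runs.append((out, state))
        # The running thread keeps going unless it is at an interleaving point.
        if cur in live and not can_switch(threads[cur], pcs[cur]):
            live = [cur]
        for t in live:
            kind, fn = threads[t][pcs[t]]
            if kind == "loop":  # while(true) skip: this run diverges silently
                runs.append((out, state))
                continue
            s, o = dict(state), list(out)
            fn(s, o)
            go(pcs[:t] + (pcs[t] + 1,) + pcs[t + 1:], s, tuple(o), t)
    go((0,) * len(threads), dict(init), (), None)
    return runs

# Policies: may thread th, whose next step is th[pc], be switched out here?
def preemptive(th, pc): return True
def end_only(th, pc): return pc > 0 and th[pc - 1][0] in ("atomic", "print")
def begin_only(th, pc): return th[pc][0] == "atomic"

SLIDE4 = [  # z = 0 initially; thread split inferred from the slide
    [("local", lambda s, o: s.update(x=42)),
     ("local", lambda s, o: s.update(r1=s["x"])),
     ("atomic", lambda s, o: s.update(z=s["x"], r1=s["x"] + 1)),
     ("local", lambda s, o: s.update(x=s["x"] + s["r1"]))],
    [("local", lambda s, o: s.update(y=24)),
     ("local", lambda s, o: s.update(r2=s["y"])),
     ("atomic", lambda s, o: s.update(y=s["z"], z=s["z"] + 1)),
     ("local", lambda s, o: s.update(y=s["y"] + s["r2"]))],
]
SLIDE19 = [  # x = 0 initially
    [("atomic", lambda s, o: s.update(x=1)), ("loop", None)],
    [("atomic", lambda s, o: s.update(r=s["x"])),
     ("print", lambda s, o: o.append(s["r"]))],
]

def slide4_results(policy):
    runs = explore(SLIDE4, {"z": 0}, policy)
    return len(runs), {s["y"] for _, s in runs}

def outputs(policy):
    return {out for out, _ in explore(SLIDE19, {"x": 0}, policy)}
```

`slide4_results(policy)` returns the number of schedules and the set of final y values; `outputs(policy)` returns the set of output traces of the counterexample, with `()` standing for a run that diverges before printing.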

31 Justifying Our non-preemptive Semantics is equivalent to standard preemptive semantics. DRF programs behave the same under non-preemptive and preemptive semantics.

32 Equivalence of Semantics
Theorem: DRF Programs should behave the same under preemptive semantics and non-preemptive semantics. We need to formally define program behaviors and DRF.

33 Program Behavior--Trace
Program behavior is defined by the trace of output and other observable events Traces are co-inductively defined. They can be infinite. Traces can be empty.

34 Program Behavior--Trace
[Diagram: statements print(1), print(0), print(2); labels 1, 2, Done]

35 Data Race Freedom
If a program has no data race, then it is data-race-free. What is a data race?

36 Data Race
Definition: Two threads making conflicting actions at the same time. We need to record the memory accesses (called footprints).

37 Footprint Footprint: Record of memory location Two parts: read & write
Ex: [12]:=0 Write: [12]

38 Footprint Footprint: Record of memory location Two parts: read & write
Ex: x:=[1] Read: [1] Write: x

39 Footprint Footprint: Record of memory location Two parts: read & write
Only need to record shared resources Data race only concerns shared resources

40 Conflicting Footprints
Two footprints conflict if they have the same location in both write sets, or in one’s read set and the other’s write set.
x:=[1] Read: [1] Write: x
[1]:=12 Read: $\emptyset$ Write: [1]

41 Data Race
Definition: At interleaving points, the predicted footprints of any two threads are conflicting.
How to predict a footprint?

42 Prediction
P: Thread 1: x:=[1]; x:=x+1; y:=y+1;  Thread 2: [2]:=5; [1]:=0;
$\delta_1 = (\{[1]\}, \emptyset)$

43 Prediction
P: Thread 1: x:=[1]; x:=x+1; y:=y+1;  Thread 2: [2]:=5; [1]:=0;
$\delta_1 = (\{[1]\}, \emptyset)$
$\delta_2 = (\emptyset, \{[2]\})$
$\delta_3 = (\emptyset, \{[1]\})$

44 Prediction
P: Thread 1: x:=[1]; x:=x+1; y:=y+1;  Thread 2: [2]:=5; [1]:=0;
$\delta_1 = (\{[1]\}, \emptyset)$
$\delta' = (\emptyset, \{[1], [2]\})$

45 Prediction
P: Thread 1: x:=[1]; x:=x+1; y:=y+1;  Thread 2: [2]:=5; [1]:=0;
$\delta_1 = (\{[1]\}, \emptyset)$
$\delta' = (\emptyset, \{[1], [2]\})$
RACE
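
The prediction on slides 42 to 45, as an added example that is not from the talk or the paper: footprints are extracted from the slide's statement syntax, accumulated per thread, and checked with the conflict rule of slide 40. Assumptions: straight-line statements outside critical regions, only heap cells such as [1] count as shared (slide 39), the thread split is inferred from the slide layout, and all function names are illustrative.

```python
import re

CELL = re.compile(r"\[\d+\]")  # shared heap cells such as [1]; plain names are thread-local

def footprint(stmt):
    """(read set, write set) of shared cells touched by one 'lhs:=rhs' statement."""
    lhs, rhs = stmt.split(":=", 1)
    return frozenset(CELL.findall(rhs)), frozenset(CELL.findall(lhs))

def union(d1, d2):
    return d1[0] | d2[0], d1[1] | d2[1]

def conflict(d1, d2):
    """Same location in both write sets, or in one's reads and the other's writes."""
    (r1, w1), (r2, w2) = d1, d2
    return bool(w1 & w2 or r1 & w2 or w1 & r2)

def predict(stmts):
    """Accumulated footprint after each upcoming step of one thread."""
    acc, out = (frozenset(), frozenset()), []
    for s in stmts:
        acc = union(acc, footprint(s))
        out.append(acc)
    return out

def find_race(t1, t2):
    """First (steps of t1, steps of t2, footprint 1, footprint 2) that conflict, or None."""
    for i, d1 in enumerate(predict(t1), 1):
        for j, d2 in enumerate(predict(t2), 1):
            if conflict(d1, d2):
                return i, j, d1, d2
    return None

# Program P from slide 42 (thread split inferred from the slide layout).
T1 = ["x:=[1]", "x:=x+1", "y:=y+1"]
T2 = ["[2]:=5", "[1]:=0"]

if __name__ == "__main__":
    print(find_race(T1, T2))
```

For P the first conflict is found after one step of thread 1 and two steps of thread 2, which is the pair of footprints the slide marks as RACE.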

46 Prediction Prediction must be made at interleaving points.
To make the prediction executable

47 Counterexample
Assume the initial value of [0] is 0.
(A) <[0]:=42; [0]:=0>;
(B) <x:=[0]; if(x=42) [1]:=42 else skip>;
(C) [1]:=0;
This program has no data race, because x can never be 42 and thread B can never write [1].

48 Counterexample
(A) <[0]:=42; [0]:=0>;
(B) <x:=[0]; if(x=42) [1]:=42 else skip>;
(C) [1]:=0;
If we predict from here, where [0] is 42, we may predict a false race.

49 Prediction Prediction must be made at interleaving points.
To make the prediction executable Two predictions inside critical regions are never conflicting

50 Data Race
$t_1$ and $t_2$ are two different threads. $\delta_1$ and $\delta_2$ are the conflicting footprints (at least one not inside critical regions). $W_a$ is not inside critical regions.
[Diagram labels: $W_0$, $W_a$, $W_1$, $W_2$, $t_1$, $t_2$, $\delta_1$, $\delta_2$]

51 Data Race Free
If at any interleaving point the program has no data race, then the program is data race free (DRF).

52 Equivalence of Semantics
Theorem: DRF Programs should have the same trace under preemptive semantics and non-preemptive semantics. Any trace in preemptive execution can be found in non-preemptive execution

53 Data Race Freedom
DRF is a property in preemptive semantics: we need to consider all the interleavings.
If we consider DRF in non-preemptive semantics, we may reduce the interleaving and reason solely under non-preemptive semantics.

54 Non-Preemptive Prediction
Prediction of execution must be made at such points:
The beginning of the program
Interleaving points:
The end of critical regions
The end of print command
The end of current thread

55 Non-Preemptive Prediction
Prediction must include steps before critical regions: prediction runs from the last interleaving point to the racy statements.
Skip; <[0]:=42>; [0]:=1;

56 Non-Preemptive Data Race
Predict at the beginning: $t_1$ and $t_2$ are two different threads. $\delta_1$ and $\delta_2$ are the predicted conflicting footprints.
[Diagram labels: $W_0$, $W_1$, $W_2$, $t_1$, $t_2$, $\delta_1$, $\delta_2$]

57 Non-Preemptive Data Race
Predict at the interleaving points: $W_a$ switches to $W_b$, then start the prediction at $W_b$.
[Diagram labels: $W_0$, $W_a$, $W_b$, $W_1$, $W_2$, $sw$, $t_1$, $t_2$, $\delta_1$, $\delta_2$]

58 Equivalence of Data Race
Lemma: If a program has a data race in preemptive semantics, it also has a data race in non-preemptive semantics.

59 Equivalence of DRF
Theorem: If a program has no data race in non-preemptive semantics, it also has no data race in preemptive semantics.

60 Conclusion
Present our non-preemptive semantics.
Prove DRF programs behave the same under preemptive and non-preemptive semantics.
Propose a new notion of DRF (called NPDRF) based on non-preemptive semantics.
Prove it’s equal to DRF in preemptive semantics.
We can reason about the behavior of data-race-free programs solely under our non-preemptive semantics.

